CVE-2022-48841
CVE-2022-48841 is a medium-severity vulnerability rated 5.5/10 on the CVSS scale. In the Linux kernel, the following vulnerability has been resolved: "ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()". It is possible to do a NULL pointer dereference in the routine that updates Tx ring stats. Currently only stats and bytes are updated when the ring pointer is valid, but later on the ring is accessed to propagate gathered Tx stats onto VSI stats. Change the existing logic to move to the next ring when ring is NULL. EPSS estimates a 0.21% chance of exploitation in the next 30 days.
Description
In the Linux kernel, the following vulnerability has been resolved:

ice: fix NULL pointer dereference in ice_update_vsi_tx_ring_stats()

It is possible to do a NULL pointer dereference in the routine that updates Tx ring stats. Currently only stats and bytes are updated when the ring pointer is valid, but later on the ring is accessed to propagate gathered Tx stats onto VSI stats. Change the existing logic to move to the next ring when ring is NULL.
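The bug pattern described above, as a simplified user-space model added here for illustration; it is not code from the kernel or from the fix commits, and every struct, field and function name in it (`tx_ring`, `vsi_model`, `update_tx_stats_fixed`, `demo_run`) is hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for the driver's Tx ring and VSI structures. */
struct tx_ring { uint64_t pkts, bytes, restarts, busy; };
struct vsi_model {
    struct tx_ring **rings;   /* slots may be NULL */
    size_t num_rings;
    uint64_t tx_pkts, tx_bytes, tx_restarts, tx_busy;
};
/*
 * Pre-fix shape (kept as a comment so the example does not crash):
 *     if (ring) { pkts += ring->pkts; bytes += ring->bytes; }
 *     vsi->tx_restarts += ring->restarts;   <- ring may still be NULL
 * The guard covers only the first two counters, not the later accesses.
 */

/* Post-fix shape: move to the next ring when the slot is NULL; returns slots skipped. */
size_t update_tx_stats_fixed(struct vsi_model *vsi)
{
    size_t skipped = 0;
    vsi->tx_pkts = vsi->tx_bytes = vsi->tx_restarts = vsi->tx_busy = 0;
    for (size_t i = 0; i < vsi->num_rings; i++) {
        struct tx_ring *ring = vsi->rings[i];
        if (!ring) { skipped++; continue; }  /* one check guards every access below */
        vsi->tx_pkts += ring->pkts;
        vsi->tx_bytes += ring->bytes;
        vsi->tx_restarts += ring->restarts;
        vsi->tx_busy += ring->busy;
    }
    return skipped;
}

/* Constructed sample: three ring slots, the middle one NULL. */
struct vsi_model demo_run(size_t *skipped)
{
    static struct tx_ring r0 = { 10, 1500, 1, 0 }, r2 = { 5, 700, 0, 2 };
    static struct tx_ring *rings[] = { &r0, NULL, &r2 };
    struct vsi_model vsi = { rings, 3, 0, 0, 0, 0 };
    *skipped = update_tx_stats_fixed(&vsi);
    return vsi;
}

int main(void)
{
    size_t n;
    struct vsi_model v = demo_run(&n);
    printf("skipped=%zu tx_bytes=%llu\n", n, (unsigned long long)v.tx_bytes);
    return 0;
}
```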
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | < 5.16.17 | — |
| Linux | Linux Kernel | 5.17 | Rc1 |
References
- https://git.kernel.org/stable/c/2397270ec97c5e3009a58ac110a25e1869e9d6ff (Mailing List, Patch)
- https://git.kernel.org/stable/c/f153546913bada41a811722f2c6d17c3243a0333 (Mailing List, Patch)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
